Summary: | net-im/everybuddy <= 0.4.3 insecure temporary file creation | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Romang <zataz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | humpback, rizzo, sekretarz, tester, tigger |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | C3? [upstream+ masked] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Romang
2005-05-30 01:23:54 UTC
Auditors please verify. no TOCTOU, just an insecure use of a predictable temp filename. The ebuild has no metadata and has had no meaningful meaningful modification for over 2 years, I was unable to connect to any supported network to test the application. upstream site is down, and looks like this project has been abandoned, I would suggest masking. ok for masking :) Gustavo/Don any comments or should it just be masked prior to complete removal? Oliver/Karol please advise. go for the masking it should go for the masking Patchers/maintainers please mask. MAsked prior to complete removal what are we waiting for to completely remove it ? We usually wait a few months... But the herd can remove it anytime. A few months has passed now... Any news on this one? Any news on this one? Punted |